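You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), vulnerabilities not yet listed in JVN may already have been updated.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.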

Last updated: June 28, 2024, 20:13

| No | CVSS | Level | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 244151 | 4.3 | MEDIUM | cisco | ios | The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | CWE-399 (Resource Management Errors) | CVE-2012-5039 | 2014-04-24 01:44 | 2014-04-23 |
| 244152 | 4.6 | MEDIUM | cisco | ios, catalyst_6500, catalyst_7600 | The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an o… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2012-5037 | 2014-04-24 01:38 | 2014-04-23 |
| 244153 | 6.8 | MEDIUM | cisco | ios | Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | CWE-399 (Resource Management Errors) | CVE-2012-5036 | 2014-04-24 01:31 | 2014-04-23 |
| 244154 | 6.4 | MEDIUM | cisco | ios | The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN tr… | CWE-287 (Improper Authentication) | CVE-2012-5032 | 2014-04-24 00:41 | 2014-04-23 |
| 244155 | 6.3 | MEDIUM | cisco | ios | Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (… | NVD-CWE-noinfo | CVE-2012-5014 | 2014-04-24 00:18 | 2014-04-23 |
| 244156 | 5.0 | MEDIUM | cisco | ios | The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated … | CWE-287 (Improper Authentication) | CVE-2012-4658 | 2014-04-24 00:13 | 2014-04-23 |
| 244157 | 4.3 | MEDIUM | cisco | ios | Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Towe… | CWE-189 (Numeric Errors) | CVE-2012-4651 | 2014-04-23 23:58 | 2014-04-23 |
| 244158 | 4.9 | MEDIUM | cisco | ios | Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. | NVD-CWE-noinfo | CVE-2012-4638 | 2014-04-23 23:54 | 2014-04-23 |
| 244159 | 4.3 | MEDIUM | cisco | ios, catalyst_2900, catalyst_2900_vlan, catalyst_2900xl | Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certa… | NVD-CWE-noinfo | CVE-2012-3918 | 2014-04-23 23:42 | 2014-04-23 |
| 244160 | 5.7 | MEDIUM | cisco | ios | Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a ne… | CWE-20 (Improper Input Validation) | CVE-2012-3062 | 2014-04-23 23:35 | 2014-04-23 |
| 244161 | 4.3 | MEDIUM | vasthtml | forumpress | Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HT… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2012-6623 | 2014-04-23 23:35 | 2014-01-17 |
| 244162 | 7.2 | HIGH | ruckuswireless | zoneflex_2942__firmware, zoneflex_2942 | Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructi… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-5030 | 2014-04-23 23:26 | 2013-10-16 |
| 244163 | 5.4 | MEDIUM | cisco | ios | The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. | CWE-119 (Buffer Errors) | CVE-2012-1317 | 2014-04-23 23:21 | 2014-04-23 |
| 244164 | 5.0 | MEDIUM | cisco | ios | Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. | CWE-399 (Resource Management Errors) | CVE-2012-0360 | 2014-04-23 23:18 | 2014-04-23 |
| 244165 | 4.3 | MEDIUM | siege | phpmyid | Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.con… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2014-2890 | 2014-04-23 22:37 | 2014-04-22 |
| 244166 | 6.8 | MEDIUM | carbonblack | carbon_black | Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative … | CWE-352 (Same-Origin Policy Violation) | CVE-2014-1615 | 2014-04-23 21:36 | 2014-04-22 |
| 244167 | 3.3 | LOW | freedesktop | poppler | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on tem… | CWE-59 (Link Following) | CVE-2013-4472 | 2014-04-23 21:20 | 2014-04-22 |
| 244168 | 6.4 | MEDIUM | vtiger | vtiger_crm | modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPa… | CWE-20 (Improper Input Validation) | CVE-2014-2269 | 2014-04-23 01:31 | 2014-04-22 |
| 244169 | 5.8 | MEDIUM | eduserv | openathens_service_provider | Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | CWE-287 (Improper Authentication) | CVE-2012-5353 | 2014-04-23 01:29 | 2012-10-10 |
| 244170 | 7.5 | HIGH | fitnesse | fitnesse_wiki | FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. | NVD-CWE-Other | CVE-2014-1216 | 2014-04-23 01:24 | 2014-04-22 |
| 244171 | 7.5 | HIGH | fitnesse | fitnesse_wiki | Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" | NVD-CWE-Other | CVE-2014-1216 | 2014-04-23 01:24 | 2014-04-22 |
| 244172 | 6.4 | MEDIUM | pimcore | pimcore | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all… | CWE-20 (Improper Input Validation) | CVE-2014-2922 | 2014-04-23 00:06 | 2014-04-22 |
| 244173 | 7.5 | HIGH | pimcore | pimcore | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w… | CWE-94 (Code Injection) | CVE-2014-2921 | 2014-04-23 00:04 | 2014-04-22 |
| 244174 | 5.0 | MEDIUM | cisco | cns_network_registrar | The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437. | CWE-20 (Improper Input Validation) | CVE-2014-2155 | 2014-04-22 04:59 | 2014-04-20 |
| 244175 | 5.0 | MEDIUM | siemens | sinema_server | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. | CWE-20 (Improper Input Validation) | CVE-2014-2733 | 2014-04-22 04:31 | 2014-04-20 |
| 244176 | 9.3 | HIGH | siemens | sinema_server | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. | NVD-CWE-noinfo | CVE-2014-2731 | 2014-04-22 04:28 | 2014-04-20 |
| 244177 | 6.8 | MEDIUM | toshibatec | e-studio-232, e-studio-233, e-studio-282, e-studio-283 | Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen… | CWE-352 (Same-Origin Policy Violation) | CVE-2014-1990 | 2014-04-22 04:23 | 2014-04-20 |
| 244178 | 5.0 | MEDIUM | progea | movicon | The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651. | CWE-200 (Information Exposure) | CVE-2014-0778 | 2014-04-22 03:50 | 2014-04-20 |
| 244179 | 4.9 | MEDIUM | remote-rac | rac_server | PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which tr… | CWE-20 (Improper Input Validation) | CVE-2014-2597 | 2014-04-22 03:15 | 2014-04-19 |
| 244180 | 4.3 | MEDIUM | digium | asterisk | The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS requ… | CWE-20 (Improper Input Validation) | CVE-2014-2288 | 2014-04-22 02:50 | 2014-04-19 |
| 244181 | 3.5 | LOW | digium | asterisk | res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request witho… | CWE-20 (Improper Input Validation) | CVE-2014-2289 | 2014-04-22 02:50 | 2014-04-19 |
| 244182 | 3.5 | LOW | digium, fedoraproject | certified_asterisk, asterisk, fedora | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when c… | CWE-20 (Improper Input Validation) | CVE-2014-2287 | 2014-04-22 02:37 | 2014-04-19 |
| 244183 | 7.5 | HIGH | digium, fedoraproject | asterisk, fedora, certified_asterisk | main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote a… | CWE-20 (Improper Input Validation) | CVE-2014-2286 | 2014-04-22 02:20 | 2014-04-19 |
| 244184 | 3.5 | LOW | f-secure | secure_messaging_secure_gateway | Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new par… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2014-2844 | 2014-04-22 00:08 | 2014-04-18 |
| 244185 | 7.5 | HIGH | f-secure | anti-virus, email_and_server_security, server_security | SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Ant… | CWE-89 (SQL Injection) | CVE-2013-7369 | 2014-04-21 23:49 | 2014-04-18 |
| 244186 | 5.8 | MEDIUM | kokuyo | camiapp | The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2014-1986 | 2014-04-19 13:48 | 2014-04-16 |
| 244187 | 7.8 | HIGH | lightwitch, prosody | metronome, prosody | plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cau… | CWE-20 (Improper Input Validation) | CVE-2014-2744 | 2014-04-19 13:48 | 2014-04-11 |
| 244188 | 7.8 | HIGH | prosody | prosody | Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2014-2745 | 2014-04-19 13:48 | 2014-04-11 |
| 244189 | 5.0 | MEDIUM | juniper | junos, srx100, srx110, srx210, srx220, srx240, srx550, srx650 | Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when … | NVD-CWE-noinfo | CVE-2014-0612 | 2014-04-19 13:46 | 2014-04-15 |
| 244190 | 5.0 | MEDIUM | wireshark | wireshark | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote atta… | CWE-20 (Improper Input Validation) | CVE-2013-7112 | 2014-04-19 13:45 | 2013-12-20 |
| 244191 | 5.0 | MEDIUM | wireshark | wireshark | Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote … | CWE-119 (Buffer Errors) | CVE-2013-7114 | 2014-04-19 13:45 | 2013-12-20 |
| 244192 | 4.3 | MEDIUM | reviewboard | review_board | Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arb… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2013-2209 | 2014-04-19 13:35 | 2013-07-31 |
| 244193 | 1.9 | LOW | xen | xen | Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hyp… | CWE-20 (Improper Input Validation) | CVE-2013-1917 | 2014-04-19 13:34 | 2013-05-14 |
| 244194 | 4.7 | MEDIUM | xen | xen | Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table tra… | CWE-119 (Buffer Errors) | CVE-2013-1918 | 2014-04-19 13:34 | 2013-05-14 |
| 244195 | 4.7 | MEDIUM | xen | xen | Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs … | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-1919 | 2014-04-19 13:34 | 2013-05-14 |
| 244196 | 6.1 | MEDIUM | xen | xen | Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause … | CWE-16 (Configuration) | CVE-2012-5634 | 2014-04-19 13:28 | 2013-02-15 |
| 244197 | 5.0 | MEDIUM | net-snmp | net-snmp | The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous… | CWE-20 (Improper Input Validation) | CVE-2014-2310 | 2014-04-19 00:52 | 2014-04-17 |
| 244198 | 6.8 | MEDIUM | amos_benari | rbovirt | The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | CWE-310 (Cryptographic Issues) | CVE-2014-0036 | 2014-04-18 22:48 | 2014-04-17 |
| 244199 | 6.4 | MEDIUM | redhat | openstack | PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2014-0071 | 2014-04-18 01:00 | 2014-04-17 |
| 244200 | 4.7 | MEDIUM | emc | cloud_tiering_appliance_software, cloud_tiering_appliance, file_management_appliance_software, file_management_appliance | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen… | CWE-255 (Credentials Management) | CVE-2014-0645 | 2014-04-18 00:10 | 2014-04-17 |